Cloudflare, the global cloud network operating multiple websites on the internet, went down for around 40 minutes this morning.
At 8:56am GMT, the company acknowledged the issue on its status page and at 9:12am, a fix was implemented. Shortly after, Cloudflare CTO shared more on the root cause being an attempt to fix a security vulnerability. This required some features to be temporarily disabled, which caused the outage.
While the company's service page reports all is well, we're still monitoring the situation. Here are all the latest updates on the outage that happened this morning.
The lowdown
OK, let me fill you in! At 8:56am, Cloudflare reported there were "service issues" — saying customers "using the Dashboard / Cloudflare APIs are impacted as requests might fail and/or errors may be displayed."
On the Cloudflare status page (which doesn't seem to be loading right now...ominous), the company said a fix was implemented at 9:12am.
What else seems to be affected?
You can see how many services have been impacted by this. Quick side note: AWS is not down. Their status page shows all servers running normally. Cloudflare is a different entity.
Something odd just happened
So the Cloudflare status page initially showed this, then stopped loading. Now that the page is back up, we're not seeing this at all. Instead, we're seeing updates about "scheduled maintenance" happening today at the DTW (Detroit) and ORD (Chicago) locations.
On top of this, some Workers scripts issues too.
Cloudflare CTO has commented
We are aware of the issue impacting the availability of Cloudflare’s network. It was not an attack; root cause was disabling some logging to help mitigate this week’s React CVE.Will share full details in a blog post today. Sites should be back online now, but I understand the…December 5, 2025
Cloudflare CTO Dane Knecht posted on X about the issues internet users saw. Let's break it down.
So the good news is it wasn't a hostile cyberattack like a DDoS. Cloudflare was attempting to fix a security vulnerability (known as Common Vulnerabilities and Exposures (CVE)) in the web dev framework Cloudflare uses called React.
Full details will be shared in a blog explainer later today.
Things seem to be back to normal
Down Detector reports have dropped back down super low, and in our tests, no more 500 server errors are appearing on any sites that are on the Cloudflare side of things.
We'll keep monitoring the situation in the background, and will be waiting for Cloudflare's blog explaining what happened here.
